Method and system for providing information on pre-purchase and post-purchase items using rfid and computer-readable storage media storing programs for executing the method

ABSTRACT

Pre-purchase and post-purchase item information provision methods and systems using an RFID technology and computer readable storage media storing programs for executing the methods are provided. A pre-purchase item information provision method for a radio frequency identification system according to the present invention includes transmitting, if a mobile reader is detected by a local server installed in a salesroom, a certificate containing information on a location of an object information service server and an authentication value to the mobile reader; transmitting, at the mobile reader, a query requesting an item ID to a tag attached to a target item; transmitting, at the tag, a item ID information generated by encrypting the item ID using the authentication value to the mobile reader; transmitting, at the mobile reader, the item ID information and the authentication value to the object information service server; and transmitting, at the object information service server, data retrieved in a database in correspondence to the item ID, the data being retrieved when the authentication value exists in the database. The item information provision method and system of the present invention can guarantee reliability of information on an item in the pre-purchase state and prevent the information from being eavesdropped in both the pre-purchase and post-purchase states. Also, the item information provision method and system can prevent the tag ID from being tracked, thereby protecting purchaser&#39;s privacy, preventing the tag from being forged, and improving computation efficiency.

CROSS-REFERENCE TO RELATED APPLICATION

This application claims priority of Korean Patent Application Number10-2007-0020602, filed on Feb. 28, 2007.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to a Radio Frequency Identification (RFID)system and, in particular, to a method and system for providinginformation on pre-purchase or post-purchase items using an RFIDtechnology and computer readable storage media storing programs forexecuting the method.

2. Description of the Related Art

Radio Frequency Identification (RFID) is an automatic identificationtechnology which relies on storing and remotely retrieving data usingdevices call RFID tags. Since the RFID system enables quickly readingthe data from the RFID tags without physical contact it is oftenenvisioned as a replacement for barcode identification systems.Recently, RFID system is partially used for physical distribution,traffic control, animal control, etc.

As a similar identification system, 2D barcode system is used for mobileticketing services. However, the utilization of 2D barcode is limited inits very short recognition distance.

In the RFID system, an RFID reader transmits a query to an RFID tag andthe RFID tag transmits its information in response to the query. Theinformation received from the RFID tag is transmitted to a database. Insuch a manner, a service provider can simply obtain information of thetag carried by a customer and provide the customer with acustomer-specific service on the basis of the information. However,since the RFID tag and RFID reader communicate with each other throughan insecure channel, the information is vulnerable to attackers, thismay include private information such as credit information, purchasepatterns, and health condition. Also, the eavesdropped information maybe used for tracking the user's location in illegal ways.

In a case of using the RFID tags for providing product information, theinformation embedded in the tags of items on shelves should be readableby all customers mobile readers, except after being purchased.

However, the conventional RFID system has a drawback in that theinformation embedded in the RFID tag is read by any mobile reader evenafter the item attached the RFID tag has been purchased, whereby thepurchase item list can be eavesdropped and the purchaser can be tracedby another person, resulting in infringement of customer's privacy.Also, since the electronic product code (EPC) is transferred without anysecurity authentication process, an attacker can eavesdrop on the EPCfor forgery.

SUMMARY OF THE INVENTION

The present invention has been made in an effort to solve the aboveproblems, and it is an object of the present invention to provide anRFID-based pre-purchase item information provision method that iscapable of guaranteeing reliability of information on items beforeselling, preventing the tags from forgery, and improving computationefficiency.

It is another object of the present invention to provide an RFID-basedpost-purchase item information provision method that is capable ofprotecting a purchaser's privacy by preventing the information frombeing eavesdropped and the purchaser from being tracked by item IDs,protecting forgery of the tags, and improving computation efficiency.

It is another object of the present invention to provide a computerreadable storage media storing programs executing an RFID-basedpre-purchase and post-purchase items information provision method.

It is another object of the present invention to provide an RFID-basedpre-purchase item information provision system.

It is another object of the present invention to provide an RFID-basedpost-purchase item information provision system.

In accordance with an aspect of the present invention, the above andother objects are accomplished by a pre-purchase item informationprovision method for a radio frequency identification system. Thepre-purchase item information provision method includes transmitting, ifa mobile reader is detected by a local server installed in a salesroom,a certificate containing information on a location of an objectinformation service server and an authentication value to the mobilereader; transmitting, from the mobile reader, a query requesting an itemID to a tag attached to a target item; transmitting, from the tag, itemID information generated by encrypting the item ID using theauthentication value to the mobile reader; transmitting, from the mobilereader, the item ID information and the authentication value to theobject information service server; and transmitting, from the objectinformation service server, data retrieved from a database correspondingto the item ID, the data being retrieved when the authentication valueexists in the database.

In accordance with another aspect of the present invention, the aboveand the other objects are accomplished by a pre-purchase iteminformation display method for a mobile reader in a radio frequencyidentification system. The pre-purchase item information display methodincludes receiving, at the mobile reader, a certificate containinginformation on a location of an object information service server andauthentication value from a local server installed in a salesroom;requesting a tag attached to an item for an item ID embedded in the tag;receiving item ID information generated by encrypting the item ID usingthe authentication value from the tag; transmitting the item IDinformation and the authentication value to the object informationservice server; and receiving data corresponding to the item ID from theobject information service server.

In accordance with another aspect of the present invention, the aboveand other objects are accomplished by a post-purchase item informationprovision method for a radio frequency identification system. Thepost-purchase item information provision method includes receiving, at amobile reader, item keys of purchased items from an object informationservice server; transmitting a query containing a first random valuegenerated by the mobile reader to a tag attached to the purchased item;receiving a first value and a second value from the tag, the first valuebeing obtained by encrypting an item ID with a second random valuegenerated by the tag, the second value being obtained by encrypting thesecond random value with the item key; extracting the second randomvalue from the second value using the item key and extracting the itemIDs from the first value using the second random value; transmitting theitem ID formatted in electronic product code (EPC) among extracted itemIDs to the object information service server; and receiving datacorresponding to the item ID from the object information service server.

In accordance with another aspect of the present invention, the aboveand other objects are accomplished by a post-purchase item informationprovision method for a radio frequency identification system. Thepost-purchase item information provision method includes receiving, at amobile reader, item keys of purchased items from an object informationservice server; transmitting a query containing a first random value toa tag attached to an item, the first random value being generated by themobile reader; receiving a first value and a second value from the tag,the first value being obtained by encrypting the item ID with a secondrandom value, the second value being obtained by encrypting the secondrandom value with the item key embedded in the tag; extracting thesecond random value from the second value using the item key andextracting the item IDs from the first value using the second randomvalue; transmitting the item ID formatted in electronic product code(EPC) among extracted item IDs to the object information service server;and receiving data corresponding to the item ID from the objectinformation service server.

In accordance with another aspect of the present invention, the aboveand other objects are a pre-purchase item information provision systemusing a radio frequency identification system. The pre-purchase iteminformation provision system includes a mobile reader which receives acertificate containing information on a location of an objectinformation service server and an authentication value from a localserver installed in a salesroom, transmits a query for requesting itemID to a tag attached to a specific item in response to a user command,receives item ID information generated by encrypting the item ID usingthe authentication value from the tag, and transmits the item IDinformation and the authentication value to the object informationservice server; a tag which receives the query from the mobile readerand transmits item ID information generated by encrypting the item IDusing the authentication value; an object information service serverwhich searches a database for the authentication value, retrieves, ifthe authentication value is found, data corresponding to item ID fromthe database, and transmits the data to the mobile reader; and a localserver storing certificate containing the information of the objectinformation service server and authentication value.

In accordance with another aspect of the present invention, the aboveand other objects are accomplished by a post-purchase item informationprovision system using a radio frequency identification system. Thepost-purchase item information provision system includes a tag whichgenerates a second random value, generates a first value by encryptingan item ID with the second random value, generates a second value byencrypting the second random value with a tag key, and transmits thefirst and second values to a mobile reader; a mobile reader whichreceives item keys of purchased items from an object information serviceserver, transmits a query containing a first random value generated bythe mobile reader to a tag attached to the purchased item, extracts thesecond random value from the second value using the item key, andextracts the item IDs from the first value using the second randomvalue; and an object information service server which transmits, when anitem ID formatted in electronic product code (EPC) is received, datacorresponding to the item ID to the mobile reader.

BRIEF DESCRIPTION OF THE DRAWINGS

The above and other objects, features and advantages of the presentinvention will be more apparent from the following detailed descriptionin conjunction with the accompanying drawings, in which:

FIG. 1 a is a diagram illustrating an electronic product code (EPC)format used in a RFID system according to an exemplary embodiment of thepresent invention.

FIG. 1 b is a diagram illustrating a pre-purchase and post-purchase iteminformation provision system using RFID technique according to anexemplary embodiment of the present invention;

FIG. 2 is a signaling diagram illustrating signal flows of a system forproviding information on an item in a pre-purchase state according to anexemplary embodiment of the present invention;

FIG. 3 is a signaling diagram illustrating signal flows for an initialsetting of a mobile reader of the system of FIG. 2;

FIG. 4 is a signaling diagram illustrating signal flows of a system forproviding information on an item in a post-purchase state according toan exemplary embodiment of the present invention;

FIG. 5 is a flowchart illustrating a pre-purchase item informationprovision method using an RFID system according to an exemplaryembodiment of the present invention;

FIG. 6 is a flowchart illustrating an initial setting procedure forproviding purchased item information of the item information provisionmethod according to an exemplary embodiment of the present invention;and

FIG. 7 is a flowchart illustrating a post-purchase item informationprovision method using an RFID system according to an exemplaryembodiment of the present invention.

DETAILED DESCRIPTION OF EXEMPLARY EMBODIMENTS

The present invention allows a customer to obtain reliable informationon items before and after purchasing and guarantees customer's privacyin a mobile RFID system environment.

In mobile RFID system environment constructed by applying the presentinvention, the customer can check information on pre-purchase andpost-purchase items. Before purchasing an item, the customer can checkwhether the item is an authentic one or not using an authenticationcertificate issued by the manufacturer. Also, the access to theinformation on the purchased item is restricted to only the purchaser,resulting in protection of customer's privacy.

In the mobile RFID system, unique information of the tag is stored in anElectronic Product Code (EPC) format. The EPC is composed of a Header,an EPC manager, an Object Class, and a Serial number as shown in FIG. 1a.

Table 1 shows the definitions of the fields of the EPC.

TABLE 1 Field Description Header (8 bits) It identifies the type andlength of data. EPC Manager (28 bits) It identifies entity such as anorganization or company responsible for managing Object Class and SerialNumber. Object Class (24 bits) It identifies a class or unit of item.Serial Number (36 bits) It identifies a unique number assigned to eachitem.

Table 2 shows definitions of symbols used in the following descriptions.

TABLE 2 Symbol Definition requestp A signal transmitted by a mobilereader for requesting ID of a pre-purchase item in a salesroom. requestcA signal transmitted by a mobile reader for requesting PID and KID of apost-purchase item. ID EPC of a tag K Key value of a tag Kj Keys storedin a mobile reader ri A random value generated by a PRNG generator ofthe mobile reader rT A random value generated by a tag hK( ) Keyed hashfunction CerTficate(Ci) Certificate for authenticating genuineinformation of item, which includes authentication value (C) andlocation information of a server having information corresponding toEPC. listc Authentication value list ⊕ Exclusive-OR

In table 2, i and j are random indexes. In the following, NID means anencrypted ID of a pre-purchase item, and PID means an encrypted ID of apurchased item.

Exemplary embodiments of the present invention are described withreference to the accompanying drawings in detail. Although the inventionis described in detail with reference to specific embodiments thereof,it will be understood that variations which are functionally equivalentare within the scope of this invention. The same reference numbers areused throughout the drawings to refer to the same or like parts.Detailed descriptions of well-known functions and structuresincorporated herein may be omitted to avoid obscuring the subject matterof the present invention.

FIG. 1 b is a diagram illustrating a pre-purchase and post-purchase iteminformation provision system using RFID technique according to anexemplary embodiment of the present invention. In FIG. 1 b, an RFID tag110 receives a query from a mobile reader 120 and transmits an EPC of anitem to which it is attached in response to the query. The RFID tag 110includes an antenna for RF communication and a microchip for storing andprocessing information. RFID tags are classified into active RFID tagsand passive RFID tags.

Passive RFID tags require no internal power source and are only activewhen a reader is nearby to power them. However, the passive RFID tagsare limited in terms of complicated calculations. The passive RFID tagsare semi-permanent and cheap relative to the active RFID tags since nointernal battery is required. In this embodiment, and EPGglobal Class 1Generation 2 tag supporting a Pseudo Random Number Generator (PRNG) isused. The RFID tag can be configured to generate pseudo-random numbers.

Active RFID tags, unlike passive RFID tags, have their own internalpower source, which is used to power the integrated circuits andbroadcast the signals to the reader. The active RFID tags haverelatively long radio range, however, the active RFID tags are expensiveand have a short shelf life.

The mobile RFID reader 120 can be embedded a mobile device. The mobileRFID reader 120 can transmit a query, detect data transmitted by theRFID tag 110 and rewrite new information on the RFID tag.

An Object Information Service (OIS) server 130 stores content matched tothe EPC of the RFID tag and provides the content in response to arequest.

An Object Naming System (ONS) server 140 operates as a Domain NameService (DNS) server such that it provides a Uniform Resource Location(URL) of the server having the EPC information.

An operation of the above structured system in association withpre-purchase item information provision is described hereinafter.

Upon entering a salesroom, the mobile reader 120 receives a certificatecontaining location information of the OIS server 130 and anauthentication value from a local server 150. If a user requestsinformation on a specific item on a shelf, the mobile reader 120requests an item ID to the RFID tag 110 attached to the item. If theitem ID is received from the RFID tag 110, the mobile reader 120transmits an encrypted item ID and authentication value to the OISserver 130 which is indicated by the location information contained inthe certificate.

The RFID tag 110 is attached to the item. If an item ID request isreceived from the mobile reader 120, the RFID tag 110 encrypts the itemID with the authentication value received from the mobile reader 120 andtransmits the encrypted item ID to the mobile reader 120.

The OIS server 130 determines whether the authentication value receivedfrom the mobile reader 120 exists in a database and, if theauthentication value exists, the OIS server 130 retrieves datacorresponding to the authentication value and transmits the data to themobile reader 120.

The local server 150 stores the certificate containing the locationinformation of the OIS server 130 and the authentication value.

An operation of the above structured system in association withpost-purchase item information provision is described hereinafter.

As described above, the RFID tag 110 is attached to an item. The RFIDtag 110 generates a second pseudo random number and a first value byencrypting the second pseudo random number. The RFID tag 110 alsoencrypts a second value with a tag key and transmits the encryptions ofthe first and second values to the mobile reader 120.

If the item to which the RFID tag 110 is attached is purchased by acustomer, the mobile reader 120 receives the key of the item from theOIS server 130. The mobile reader 120 can use the keys received from theOIS server 130 for generating a purchased item list. If the purchaseditem information request is detected, the mobile reader 120 transmits adata request signal to the RFID tag 110 together with the first pseudorandom number. Next, the mobile reader 120 receives the keys for storingthe first and second values from the OIS server 130, extracts the secondpseudo random number form the second value using the keys, and extractsthe item ID from the first value with the second pseudo random number.

Preferably, the mobile reader 120 is configured such that the mobilereader 120 transmits the ID formatted in the EPC structure among theextracted IDs to the ONS server 140 and requests data on the EPC to theOIS server 130 which is notified by using the URL and checked IDreceived from the ONS server 140. At this time, the ONS server 140identifies the item ID and transmits the URL of the OIS server havingthe data corresponding to the item ID to the mobile reader 120.

If the item ID formatted in EPC structure exists among the extractedIDs, the OIS server 130 transmits the data corresponding to the item IDto the mobile reader 120.

As described above, the information on an item is provided by the mobilereader in different manners in pre-purchase state and post-purchasestate.

FIG. 2 is a signaling diagram illustrating signal flows of a system forproviding information on an item in a pre-purchase state according to anexemplary embodiment of the present invention.

The local server 250 of each salesroom stores the certificates havingrespective authentication values assigned to the items on shelves. Thecertificates are received from the OIS server 230 in advance.

If a customer carrying the mobile reader 220 enters the salesroom, themobile reader 220 receives a certificate CerTficate(C_(i)) containing anOIS server location information and an authentication value C_(i) fromthe local server 250.

Next, the mobile reader 220 transmits a query (request_(p), C_(i)) to aRFID tag 210 attached to an item for requesting the item ID.

If the query (request_(p), C_(i)) is detected, the RFID tag 210generates a keyed hash function h_(K)(C_(i)) and transmits an NIDobtained by performing an exclusive-OR (XOR) operation on the item ID tothe mobile reader.

Upon receiving the NID, the mobile reader 220 transmits the NID andC_(i) to the OIS server 230 of which location is obtained from thecertificate CerTficate (C_(i)).

Finally, the OIS server 230 obtains the item ID using the key value Kand the NID and C_(i) received from the mobile reader 220. The OISserver 230 retrieves data Data_(T) corresponding to the recovered itemID from a database and determines whether the C_(i) received from themobile reader 220 belongs to an authentication value list listC(={C}).If C_(i) belongs to listC(={C}), the OIS server 230 transmits the dataData_(T) corresponding to the EPC of the RFID tag 210 to the mobilereader 220.

Accordingly, the mobile reader 220 displays Data_(T) received from theOIS server 230 as the item information.

FIG. 3 is a signaling diagram illustrating signal flows for an initialsetting of a mobile reader of the system of FIG. 2.

In FIG. 3, the mobile reader 320 and the OIS server 330 communicate witheach other through a typical secure wireless communication link. Thecustomer purchasing the item receives a key K from the OIS server 330 bymeans of the mobile reader 320 through the secure wireless communicationlink. The key K is used for reading out the information on the purchaseitem. By using the key K received from the OIS server 330, thecustomer's privacy can be protected.

FIG. 4 is a signaling diagram illustrating signal flows of a system forproviding information on an item in a post-purchase state according toan exemplary embodiment of the present invention.

First, the mobile reader 420 generates a first pseudo random numberr_(i) using a Pseudo Random Number Generator (PRNG) and transmits aquery (request_(t), r_(i)) for requesting data on the purchased item.

If the query (request_(t), r_(i)) is detected, the RFID tag 410generates a keyed hash function h_(K)(r_(i)) using the first pseudorandom number r_(i) and the key K. Next, the RFID tag 410 generates asecond pseudo random number r_(T) and, in turn, a PID and a KID usingthe r_(T). The PID and KID are transmitted to the mobile reader 420.

If the PID and KID are received, the mobile reader 420 extracts thesecond pseudo random number r_(T) from the KID using all the keys(K_(j)) and, in turn, extracts the item IDs of the RFID tag 410 from thePID using the r_(T). Among the item IDs, ones formatted in the EPCstructure are transmitted to the OIS server 430.

An ONS server (not shown) transmits an URL of the OIS server 430 storingthe data corresponding to the authentication ID, i.e. genuine item ID,to the mobile reader 420.

Next, the mobile reader 420 requests the data on the EPC to the OISserver 430 identified by the URL provided by the ONS server.

Finally, the OIS server 430 transmits the data Data_(T) corresponding tothe EPC to the mobile reader 420.

FIG. 5 is a flowchart illustrating a pre-purchase item informationprovision method using an RFID system according to an exemplaryembodiment of the present invention.

Referring to FIG. 5, a mobile reader carried by a customer monitors soas to detect its entrance to a salesroom at step 510. If its entrance toa sales room is detected, the mobile reader receives a certificatecontaining information on the location of an OIS server and anauthentication value from a local server installed in the salesroom atstep 520. Before entering the salesroom, the mobile reader stays in astandby state.

After receiving the certificate, the mobile reader determines whether anitem information request signal is detected at step 530. The iteminformation request signal can be generated by a button manipulation orby moving the mobile reader toward a target item having an RFID tag. Ifan item information request signal is detected, the mobile readertransmits a query requesting ID of the target item and receives an itemID encrypted by the authentication value from the RFID tag at step 540and, otherwise, maintains a standby state.

Next, the mobile reader transmits the encrypted item ID andauthentication value to the OIS server at step 550. At this time, theOIS server is identified by the location information contained in thecertificate.

Upon receiving the encrypted item ID and authentication value, the OISserver searches a database for the authentication value at step 560.

If the authentication value is found, the OIS server retrieves datacorresponding to item ID from the database and transmits the data to themobile reader at step 570 and, otherwise, ends the procedure.

FIG. 6 is a flowchart illustrating an initial setting procedure forproviding purchased item information of the item information provisionmethod according to an exemplary embodiment of the present invention.

Referring to FIG. 6, the mobile reader determines whether a specificitem is purchased at step 610. If no item is purchased, the mobilereader stays in a standby state.

If it is determined that an item is purchased, the mobile readerreceives a key of the purchased item from an OIS server at step 620. Inthis manner, the mobile reader collects the purchased item keys forgenerating a purchased item list.

FIG. 7 is a flowchart illustrating a post-purchase item informationprovision method using an RFID system according to an exemplaryembodiment of the present invention.

Referring to FIG. 7, the mobile reader monitors so as to detect apurchased item information request command at step 730. The purchaseditem information request command is generated by a key manipulation ofthe user.

If a purchased item information request command is detected, the mobilereader transmits a query requesting data on the purchased item at step740. The query contains a first pseudo random number generated by themobile reader.

Next, the mobile reader receives a first and second values from the RFIDtag attached to the purchased item at step 750. The first value isgenerated by encrypting the item ID using a second pseudo random numberand the second value is generated by encrypting the second pseudo randomnumber using a tag key. The second pseudo random number is generated bythe RFID tag.

Upon receiving the first and second values, the mobile reader extractsthe second pseudo random number from the second value using the tag keysstored within the mobile reader and extracts the item ID from the firstvalue using the second pseudo random number at step 760.

Finally, the mobile reader transmits one of the extracted item IDs whichis formatted in EPC structure to the OIS server and receives the datacorresponding to the item ID from the OIS server at step 770.Preferably, the post-purchase item information provision method includesa step in which the mobile reader displays purchased item informationobtained by processing the data received from the OIS server on a screenof the mobile reader.

The item information provision method of the present invention allowsthe customer to obtain information on an item using a certificate issuedby the item manufacturer before and after purchase, thereby providingreliable information on the item and protecting a purchaser's privacy,efficiently.

The item information provision method of the present invention isadvantageous in providing reliable item information before purchasingit. In the item information provision system of the present invention, alocal server installed in the salesroom stores the certificates issuedby the item manufacturer and the local server provides the mobile readerwith the certificates. The mobile reader can obtain the information onthe item using the authentication value (C_(i)) and the locationinformation of a server having item information received from the localserver, resulting in improvement of reliability of the item information

The item information provision method of the present invention isadvantageous in protection against information eavesdropping. In theitem information provision system of the present invention, the RFID tagtransmits a random value obtained by encrypting the item ID (EPC) inresponse to a query transmitted by the mobile reader. Before the item ispurchased, the item ID is encrypted by a hash function of anauthentication value so as to be transmitted in the form of NID. Sincethe item ID of the RFID tag is transmitted in the form of NID encryptedby a hash function of an authentication value before being purchased andin the form of PID encrypted by a random value generated by the mobilereader and a keyed hash function, it results in protection ofeavesdropping on the item ID and other information.

The item information provision method of the present invention isadvantageous in protection against a purchaser's position tracking. Thischaracteristic should be essential for an RFID system. In the iteminformation provision system of the present invention, the purchaseditem is managed by the mobile reader with a unique key received from thesystem. Since the RFID tag transmits different value (PID, KID)encrypted with a unique key of the RFID tag and a keyed hash function, aperson who doesn't know the key cannot obtain the item ID embedded inthe RFID tag, resulting in preventing the customer from being tracked.

In the conventional RFID system, the code information embedded in theRFID tag is transmitted to the reader, whereby user privacy is likely tobe infringed by tracking the eavesdropped code information. Also, sincethe conventional RFID system uses a policy server, the system securitycan be seriously threatened by attacks on the policy server. In the RFIDsystem of the present invention, the unique code of the RFID tag isconcealed by a random value such that it is difficult for a person toeavesdrop on the unique code, thereby improving user's privacy withoutan external server.

Unlike the conventional RFID system, the RFID system of the presentinvention uses an RFID reader embedded in the user's own mobile device,thereby efficiently protecting user privacy without an additionaldevice. Also, the RFID system of the present invention allows the userto manage information on the purchased items without support of anexternal server, resulting in minimization of information leakage.

The item information provision method of the present invention isadvantageous in protection against forgery. In the item informationprovision system of the present invention, the item ID of the purchaseditem can be obtained only with a tag key (K) stored within the mobilereader, thereby avoiding a third party's forgery of the item ID.Although an attacker eavesdrops on the information (PID or KID) betweenthe mobile reader and the RFID tag with spoofing or retransmissionattacks, it is impossible for the attacker to know the keyed hashfunction h_(K)(r_(i)) of a random value which changes every sessionwithout the unique tag key (K), resulting in robust security of taginformation.

In the conventional RFID system using a MARP (Mobile Agent for RFIDPrivacy) scheme, a proxy is used for protecting user privacy andsecurity. Such RFID system solves the privacy infringement and securityproblems by exchanging random values between the tag and mobile (MRAP),between the mobile (MARP) and reader, and between the reader anddatabase.

However, the MARP-based RFID system requires the proxy as an additionalelement and should monitor all communications between the tag andreader. In order to guarantee secure communication, a public key centeris additionally required for managing the keys of the reader, tag,server, and proxy. In the RFID system of the present invention, themobile device acts as the RFID reader such that no additional device orfacility such as public center and external server is needed whileefficiently protecting the user privacy and security.

Table 3 is an efficiency comparison result between the conventionalMARP-based RFID system and the RFID system of the present invention.

TABLE 3 Protocol MARP scheme Present invention Storage Tag 3I 2I spaceMobile 7I 1I reader database 5I 2I Computation Tag 2H + 3X 1H +1X(pre-purchase) amount 1H + 2X(post-purchase) Mobile (3E + 1D + 2V +—(pre-purchase) reader 2S +1H + 1X) * M (1H + 2X) * N(post- purchase)database 1E + 3D + 2V + 1H + 1X(pre-purchase) 1S + 2H + 1X—(post-purchase)

In table 3, I denotes an output length of a hash function or a length ofthe key or the ID, H denotes a hash operation, X denotes XOR bitoperation, E denotes a encryption operation, D denotes a decodingoperation, V denotes a signature verification operation, S denotes asignature operation, M denotes a number of tags in a MARP detectablerange, N denotes a number of keys possessed by the mobile reader, anddenotes no consideration.

As shown in table 3, the RFID system of the present invention issuperior to the MARP-based RFID system in terms of efficiency.

Preferably, the present invention provides a computer readable storagemedia storing programs for executing a pre-purchase item informationprovision method using RFID system.

Preferably, the present invention provides a computer readable storagemedia storing programs for executing the post-purchase item informationprovision method using RFID system.

The item information provision method of the present invention can beexecuted in the form of software. When the item information provisionmethod is executed in the form of software, the software includes codesegments for executing operations for implementing the informationprovision method. The programs and code segments can be stored in aprocessor-readable storage media and transmitted in the form of computerdata signals carried by carrier waves.

The computer readable storage media include all kinds of recordingdevices that can store data in a computer-readable format. The computerreadable storage media include Read Only Memory (ROM), Compact Disk ROM(CD-ROM), Digital Video Disc ROM (DVD±ROM), DVD-RAM, magnetic tape,floppy disk, hard disk, and optical data storage device. The computerreadable storage media can be distributed in a distributed computernetwork and the computer readable codes are stored and executed in adistributed computing manner.

Although exemplary embodiments of the present invention have beendescribed in detail hereinabove, it should be clearly understood thatmany variations and/or modifications of the basic inventive conceptsherein taught which may appear to those skilled in the present art willstill fall within the spirit and scope of the present invention, asdefined in the appended claims.

As described above, the item information provision method and system ofthe present invention can guarantee reliability of information on anitem in the pre-purchase state and prevent the information from beingeavesdropped in both the pre-purchase and post-purchase states. Also,the item information provision method and system can prevent the tag IDfrom being tracked, thereby protecting a purchaser's privacy, preventingthe tag from being forged, and improving computation efficiency.

1. A pre-purchase item information provision method for a radio frequency identification system, comprising: transmitting, if a mobile reader is detected by a local server installed in a salesroom, a certificate containing information on a location of an object information service server and an authentication value to the mobile reader; transmitting, from the mobile reader, a query requesting an item ID to a tag attached to a target item; transmitting, from the tag, item ID information generated by encrypting the item ID using the authentication value to the mobile reader; transmitting, from the mobile reader, the item ID information and the authentication value to the object information service server; and transmitting, from the object information service server, data retrieved from a database corresponding to the item ID, the data being retrieved when the authentication value exists in the database.
 2. The pre-purchase item information provision method of claim 1, wherein the item ID information is a value obtained by performing an exclusive-OR operation on the item ID and a keyed hash h_(K)(C_(i)) obtained by performing a hash operation on a tag key, hash function, and authentication value (C_(i)).
 3. The pre-purchase item information provision method of claim 1, wherein the object information server stores information associated with Electronic Product Code (EPC).
 4. A pre-purchase item information display method for a mobile reader in a radio frequency identification system, comprising: receiving, at the mobile reader, a certificate containing information on a location of an object information service server and authentication value from a local server installed in a salesroom; requesting a tag attached to an item for an item ID embedded in the tag; receiving item ID information generated by encrypting the item ID using the authentication value from the tag; transmitting the item ID information and the authentication value to the object information service server; and receiving data corresponding to the item ID from the object information service server.
 5. The pre-purchase item information display method of claim 4, wherein the item ID information is a value obtained by performing an exclusive-OR operation on the item ID and a keyed hash h_(K)(C_(i)) obtained using a tag key, hash function, and authentication value (C_(i)).
 6. A post-purchase item information provision method for a radio frequency identification system, comprising: receiving, at a mobile reader, item keys of purchased items from an object information service server; transmitting a query containing a first random value generated by the mobile reader to a tag attached to the purchased item; receiving a first value and a second value from the tag, the first value being obtained by encrypting an item ID with a second random value generated by the tag, the second value being obtained by encrypting the second random value with the item key; extracting the second random value from the second value using the item key and extracting the item IDs from the first value using the second random value; transmitting the item ID formatted in electronic product code (EPC) among extracted item IDs to the object information service server; and receiving data corresponding to the item ID from the object information service server.
 7. The post-purchase item information provision method of claim 6, wherein receiving data corresponding to the item ID from the object information service server comprises: generating a purchased item list using the data received from the object information service server; and display the purchased item list on a screen of the mobile reader.
 8. The post-purchase item information provision method of claim 6, wherein receiving a first value and a second value from the tag comprises: generating, at the tag, the first value by performing an exclusive-OR operation on the item ID and the second random value (r_(T)); and generating a keyed hash (h_(K)(r_(i))) by performing a hash function on the first random value (r_(i)) and tag key value (K); and generating the second value by performing an exclusive-OR operation on the keyed hash (h_(K)(r_(i))) and the second random value (r_(T)).
 9. The post-purchase item information provision method of claim 6, wherein transmitting the item ID formatted in electronic product code (EPC) comprises: transmitting the item ID formatted in EPC to an object naming system server; receiving an uniform resource location of the object information service server from the object naming system server, the object naming system server checking the item ID and retrieving the uniform resource location of the object information service server having data corresponding to the item ID; requesting data on the EPC to the object information service server located by the uniform resource location; and receiving the data from the object information service server.
 10. A post-purchase item information provision method for a radio frequency identification system, comprising: receiving, at a mobile reader, item keys of purchased items from an object information service server; transmitting a query containing a first random value to a tag attached to an item, the first random value being generated by the mobile reader; receiving a first value and a second value from the tag, the first value being obtained by encrypting the item ID with a second random value, the second value being obtained by encrypting the second random value with the item key embedded in the tag; extracting the second random value from the second value using the item key and extracting the item IDs from the first value using the second random value; transmitting the item ID formatted in electronic product code (EPC) among extracted item IDs to the object information service server; and receiving data corresponding to the item ID from the object information service server.
 11. The post-purchase item information provision method of claim 10, further comprising displaying the purchased item list generated using the data received from the object information service server on a screen of the mobile reader.
 12. A computer-readable storage medium storing programs for executing the methods of claims 1 to
 11. 13. A pre-purchase item information provision system using a radio frequency identification system, comprising: a mobile reader which receives a certificate containing information on a location of an object information service server and an authentication value from a local server installed in a salesroom, transmits a query for requesting item ID to a tag attached to a specific item in response to a user command, receives item ID information generated by encrypting the item ID using the authentication value from the tag, and transmits the item ID information and the authentication value to the object information service server; a tag which receives the query from the mobile reader and transmits item ID information generated by encrypting the item ID using the authentication value; an object information service server which searches a database for the authentication value, retrieves, if the authentication value is found, data corresponding to item ID from the database, and transmits the data to the mobile reader; and a local server storing certificate containing the information of the object information service server and authentication value.
 14. A post-purchase item information provision system using a radio frequency identification system, comprising: a tag which generates a second random value, generates a first value by encrypting an item ID with the second random value, generates a second value by encrypting the second random value with a tag key, and transmits the first and second values to a mobile reader; a mobile reader which receives item keys of purchased items from an object information service server, transmits a query containing a first random value generated by the mobile reader to a tag attached to the purchased item, extracts the second random value from the second value using the item key, and extracts the item IDs from the first value using the second random value; and an object information service server which transmits, when an item ID formatted in electronic product code (EPC) is received, data corresponding to the item ID to the mobile reader.
 15. The post-purchase item information provision system of claim 14, further comprising an object naming system server which checks item ID received from the mobile reader and transmits a uniform resource location of the object information service server having the data corresponding to the item ID, wherein the mobile reader transmits item ID formatted in EPC to the object naming system server and requests data corresponding to the EPC to the object information service server using the uniform resource location and the item ID. 